A vulnerability was found in wger 2.2/2.5 and classified as critical. This impacts an unknown function of the component Trainer-Login Endpoint. The manipulation results in permission issues.

This vulnerability is known as CVE-2026-43978. It is possible to launch the attack remotely. No exploit is available.